svn commit: r310399 - projects/ipsec/sys/netinet
Andrey V. Elsukov
ae at FreeBSD.org
Thu Dec 22 13:58:31 UTC 2016
Author: ae
Date: Thu Dec 22 13:58:29 2016
New Revision: 310399
URL: https://svnweb.freebsd.org/changeset/base/310399
Log:
Convert SCTP code to use IPsec methods.
Modified:
projects/ipsec/sys/netinet/sctp_input.c
projects/ipsec/sys/netinet/sctp_os_bsd.h
projects/ipsec/sys/netinet/sctp_pcb.c
Modified: projects/ipsec/sys/netinet/sctp_input.c
==============================================================================
--- projects/ipsec/sys/netinet/sctp_input.c Thu Dec 22 13:57:29 2016 (r310398)
+++ projects/ipsec/sys/netinet/sctp_input.c Thu Dec 22 13:58:29 2016 (r310399)
@@ -5771,7 +5771,7 @@ sctp_common_input_processing(struct mbuf
} else if (stcb == NULL) {
inp_decr = inp;
}
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
/*-
* I very much doubt any of the IPSEC stuff will work but I have no
* idea, so I will leave it in place.
@@ -5780,17 +5780,23 @@ sctp_common_input_processing(struct mbuf
switch (dst->sa_family) {
#ifdef INET
case AF_INET:
- if (ipsec4_in_reject(m, &inp->ip_inp.inp)) {
- SCTP_STAT_INCR(sctps_hdrops);
- goto out;
+ if (IPSEC_ENABLED(ipv4)) {
+ if (IPSEC_CHECK_POLICY(ipv4, m,
+ &inp->ip_inp.inp) != 0) {
+ SCTP_STAT_INCR(sctps_hdrops);
+ goto out;
+ }
}
break;
#endif
#ifdef INET6
case AF_INET6:
- if (ipsec6_in_reject(m, &inp->ip_inp.inp)) {
- SCTP_STAT_INCR(sctps_hdrops);
- goto out;
+ if (IPSEC_ENABLED(ipv6)) {
+ if (IPSEC_CHECK_POLICY(ipv6, m,
+ &inp->ip_inp.inp) != 0) {
+ SCTP_STAT_INCR(sctps_hdrops);
+ goto out;
+ }
}
break;
#endif
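Review bot: In both the AF_INET and AF_INET6 arms the inbound policy check now runs only when `IPSEC_ENABLED(...)` is true, so a packet is accepted with no policy check when it is false. That is presumably intended for a kernel built with IPSEC_SUPPORT where IPsec is not loaded, but nothing at the call site says so. I would add a comment above the switch such as `/* IPsec not enabled: no inbound policy to enforce, the packet is accepted. */`. The nested `if` can also be a single condition, `if (IPSEC_ENABLED(ipv4) && IPSEC_CHECK_POLICY(ipv4, m, &inp->ip_inp.inp) != 0) {`, and the same for ipv6. Policy rejects are still counted as `sctps_hdrops`, so the statistics cannot tell them apart from malformed headers; sctp_common_input_processing continues outside the hunk.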
@@ -5798,7 +5804,7 @@ sctp_common_input_processing(struct mbuf
break;
}
}
-#endif
+#endif /* IPSEC */
SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n",
(void *)m, iphlen, offset, length, (void *)stcb);
if (stcb) {
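Review bot: The trailing comment on the new `#endif /* IPSEC */` does not match the opening guard, which this commit changed to `#if defined(IPSEC) || defined(IPSEC_SUPPORT)`. Writing it as `#endif /* IPSEC || IPSEC_SUPPORT */` keeps the pair easy to match in a function this long. The enclosing function starts and ends outside the hunk.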
Modified: projects/ipsec/sys/netinet/sctp_os_bsd.h
==============================================================================
--- projects/ipsec/sys/netinet/sctp_os_bsd.h Thu Dec 22 13:57:29 2016 (r310398)
+++ projects/ipsec/sys/netinet/sctp_os_bsd.h Thu Dec 22 13:58:29 2016 (r310399)
@@ -82,16 +82,10 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_icmp.h>
#include <netinet/icmp_var.h>
-#ifdef IPSEC
-#include <netipsec/ipsec.h>
-#include <netipsec/key.h>
-#endif /* IPSEC */
+#include <netipsec/ipsec_support.h>
#ifdef INET6
#include <sys/domain.h>
-#ifdef IPSEC
-#include <netipsec/ipsec6.h>
-#endif
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
Modified: projects/ipsec/sys/netinet/sctp_pcb.c
==============================================================================
--- projects/ipsec/sys/netinet/sctp_pcb.c Thu Dec 22 13:57:29 2016 (r310398)
+++ projects/ipsec/sys/netinet/sctp_pcb.c Thu Dec 22 13:58:29 2016 (r310399)
@@ -2459,7 +2459,7 @@ sctp_inpcb_alloc(struct socket *so, uint
SCTP_INP_INFO_WUNLOCK();
return (ENOBUFS);
}
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
error = ipsec_init_pcbpolicy(&inp->ip_inp.inp);
if (error != 0) {
crfree(inp->ip_inp.inp.inp_cred);
@@ -2494,7 +2494,7 @@ sctp_inpcb_alloc(struct socket *so, uint
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
so->so_pcb = NULL;
crfree(inp->ip_inp.inp.inp_cred);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
ipsec_delete_pcbpolicy(&inp->ip_inp.inp);
#endif
SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
@@ -2517,7 +2517,7 @@ sctp_inpcb_alloc(struct socket *so, uint
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
so->so_pcb = NULL;
crfree(inp->ip_inp.inp.inp_cred);
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
ipsec_delete_pcbpolicy(&inp->ip_inp.inp);
#endif
SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
@@ -3623,7 +3623,7 @@ sctp_inpcb_free(struct sctp_inpcb *inp,
* macro here since le_next will get freed as part of the
* sctp_free_assoc() call.
*/
-#ifdef IPSEC
+#if defined(IPSEC) || defined(IPSEC_SUPPORT)
ipsec_delete_pcbpolicy(ip_pcb);
#endif
if (ip_pcb->inp_options) {